<%-- 
    Document   : login
    Created on : Dec 4, 2011, 11:19:09 AM
    Author     : Michael
--%>


<%

    String login_username = request.getParameter("username");
    String login_password = request.getParameter("password");
    
    DBClasses.GetConnection gc = new DBClasses.GetConnection();
    java.sql.Connection conn = gc.getConnection();
    
    try
    {
        java.sql.Statement stmt = conn.createStatement();
        String query = "SELECT * FROM customer WHERE CustPassword='" + login_password + 
                "' AND Email='" + login_username + "'";
        
        java.sql.ResultSet rs = stmt.executeQuery(query);
        
        if(rs.next())
        {
            session.setAttribute("User", rs.getString("Firstname"));
            session.setAttribute("UserID", rs.getInt("CustomerID"));
            session.setAttribute("AccountNo", rs.getInt("AccountNo"));
            session.setAttribute("LoggedIn", "true");
            session.setAttribute("Access", "Customer");
            response.sendRedirect("profile.jsp");
            
        }
        else 
        {
           query = "SELECT * FROM employees WHERE EmpPassword='" + login_password + 
                   "' AND EmployeeID='" + login_username + "'";
           rs = stmt.executeQuery(query);
           if(rs.next())
           {
                session.setAttribute("LoggedIn", "true");
                if(rs.getInt("Manager")==0)
                {
                    session.setAttribute("EmployeeID", login_username);
                    session.setAttribute("Access", "CustomerRep");
                }
                else
                {
                    session.setAttribute("ManagerID", login_username);
                    session.setAttribute("Access", "Manager");
                }
                
                response.sendRedirect("employee.jsp");
           }
           
           else
           {
               // username or password mistake
               response.sendRedirect("PassMistake.jsp");
           }
        }
        
    }
    catch(Exception e)
    {
        e.printStackTrace();
    }
    
    finally
    {
        try{
            conn.close();
        }
        catch(Exception ee)
                               {
            ee.printStackTrace();
        }
    }
        
%>
